I have an Amazon EC2 instance running Ubuntu. There are only a couple of user accounts and the server is used to host a small web app. Apparently, by default, each user account has an email account. We do not use these accounts.

Recently I discovered that one of the accounts is receiving "undeliverable message" emails from spam being sent in its name. We're receiving hundreds per hour and we didn't notice until the disk filled up.

Of course we deleted all the emails and in the time it took for the delete to complete we had received 30 more.

The best solution is to disable the email for this account. We want to keep the account though. Is there a way to just remove the email account for a user without affecting the account itself? Googling didn't help me. I only found directions for deleting individual emails or deleting the entire user account.

3 Answers
Those emails are handled by your MTA; in Ubuntu, it is postfix. If you don't use the accounts, then disabling the service would be what I would recommend.

sudo service postfix stop # stops the service

sudo update-rc.d postfix disable # disable the service from starting at boot

Reconfiguring postfix to only listen on the loopback address is also an option. The email spools are still there, but only other users/daemons may mail each other. Edit /etc/postfix/main.cf and change these two options to read

In addition to the correct answer posted by llua you should set an SPF record for the domain. This will reduce the effectiveness of people trying to forge your return address. It does not prevent the phenomenon, but it greatly reduces the mailers that will receive such mail (all the big webmail services support SPF).